gosec: G601: Implicit memory aliasing in for loop

plugin/v2/plugin.go:141:50: G601: Implicit memory aliasing in for loop. (gosec) updateSettingsEnv(&p.PluginObj.Settings.Env, &s) ^ libcontainerd/remote/client.go:572:13: G601: Implicit memory aliasing in for loop. (gosec) cpDesc = &m ^ distribution/push_v2.go:400:34: G601: Implicit memory aliasing in for loop. (gosec) (metadata.CheckV2MetadataHMAC(&mountCandidate, pd.hmacKey) || ^ builder/dockerfile/builder.go:261:84: G601: Implicit memory aliasing in for loop. (gosec) currentCommandIndex = printCommand(b.Stdout, currentCommandIndex, totalCommands, &meta) ^ builder/dockerfile/builder.go:278:46: G601: Implicit memory aliasing in for loop. (gosec) if err := initializeStage(dispatchRequest, &stage); err != nil { ^ daemon/container.go:283:40: G601: Implicit memory aliasing in for loop. (gosec) if err := parser.ValidateMountConfig(&cfg); err != nil { ^ Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-16 17:21:26 +02:00 · 2021-04-16 17:21:26 +02:00 · d13997b4ba
parent f77213efc2
commit d13997b4ba
5 changed files with 13 additions and 7 deletions
--- a/builder/dockerfile/builder.go
+++ b/builder/dockerfile/builder.go
@ -254,10 +254,10 @@ func (b *Builder) dispatchDockerfileWithCancellation(parseResult []instructions.
 		totalCommands += len(stage.Commands)
 	}
 	shlex := shell.NewLex(escapeToken)
-	for _, meta := range metaArgs {
-		currentCommandIndex = printCommand(b.Stdout, currentCommandIndex, totalCommands, &meta)
+	for i := range metaArgs {
+		currentCommandIndex = printCommand(b.Stdout, currentCommandIndex, totalCommands, &metaArgs[i])

-		err := processMetaArg(meta, shlex, buildArgs)
+		err := processMetaArg(metaArgs[i], shlex, buildArgs)
 		if err != nil {
 			return nil, err
 		}
@ -265,7 +265,8 @@ func (b *Builder) dispatchDockerfileWithCancellation(parseResult []instructions.

 	stagesResults := newStagesBuildResults()

-	for _, stage := range parseResult {
+	for _, s := range parseResult {
+		stage := s
 		if err := stagesResults.checkStageNameAvailable(stage.Name); err != nil {
 			return nil, err
 		}
--- a/daemon/container.go
+++ b/daemon/container.go
@ -279,7 +279,8 @@ func validateHostConfig(hostConfig *containertypes.HostConfig, platform string)
 	}
 	// Validate mounts; check if host directories still exist
 	parser := volumemounts.NewParser(platform)
-	for _, cfg := range hostConfig.Mounts {
+	for _, c := range hostConfig.Mounts {
+		cfg := c
 		if err := parser.ValidateMountConfig(&cfg); err != nil {
 			return err
 		}
--- a/distribution/push_v2.go
+++ b/distribution/push_v2.go
@ -326,7 +326,8 @@ func (pd *v2PushDescriptor) Upload(ctx context.Context, progressOutput progress.
 	// Attempt to find another repository in the same registry to mount the layer from to avoid an unnecessary upload
 	candidates := getRepositoryMountCandidates(pd.repoInfo, pd.hmacKey, maxMountAttempts, v2Metadata)
 	isUnauthorizedError := false
-	for _, mountCandidate := range candidates {
+	for _, mc := range candidates {
+		mountCandidate := mc
 		logrus.Debugf("attempting to mount layer %s (%s) from %s", diffID, mountCandidate.Digest, mountCandidate.SourceRepository)
 		createOpts := []distribution.BlobCreateOption{}

--- a/libcontainerd/remote/client.go
+++ b/libcontainerd/remote/client.go
@ -568,6 +568,7 @@ func (c *client) CreateCheckpoint(ctx context.Context, containerID, checkpointDi

 	var cpDesc *v1.Descriptor
 	for _, m := range index.Manifests {
+		m := m
 		if m.MediaType == images.MediaTypeContainerd1Checkpoint {
 			cpDesc = &m // nolint:gosec
 			break
--- a/plugin/v2/plugin.go
+++ b/plugin/v2/plugin.go
@ -126,7 +126,9 @@ func (p *Plugin) Set(args []string) error {
 	// TODO(vieux): lots of code duplication here, needs to be refactored.

 next:
-	for _, s := range sets {
+	for _, set := range sets {
+		s := set
+
 		// range over all the envs in the config
 		for _, env := range p.PluginObj.Config.Env {
 			// found the env in the config